TR/ATRAPS Gen und TR/ATRAPS Gen2 C:\RECYCLER\S-1-5-21-3287549451-3649138221-mit Avira endeckt. Mit Malewarebytes entfernt. Logfiles angefügt
Hallo erst einmal an alle.
Wie im Betreff zu lesen ein kleines evtl großes Problem.
Aber nun mal chronologisch:
-Am 08.10 (Montag) habe ich mir 3 Themplates für Joomla runtergeladen.
-Überprüft mit Avira, alles ok.
-In meinen Webspace hochgeladen und dort Installiert.
-Knapp eine 2 Stunden später 2 Meldungen von Avira
(Beide als .txt im Anhang)
-Entfernen in das Quarantäne Verzeichnis brachte nicht den gewünschten Erfolg, die Schädlinge Tauchten immer wieder im auf.
(C:\RECYCLER\S-1-5-21-3287549451-3649138221)
-Danach habe ich Malwarebytes Antimalware installiert.
Das Programm teilte mir sofort mit das ein Prozess im Hintergrund lief der ein
Schadprogramm ist und hat diesen in Quarantäne verschoben.
-Dann mit Malwarebytes einen Quickscan durchgeführt. Zwei Infizierte Dateien gefunden. (Bericht im Anhang)
-Nach PC Neustart kam eine Systemmeldung das ein Prozess nicht ausgeführt werden kann weil nicht mehr vorhanden. (Sozusagen der "Schadprozess")
-Mit Malwarebytes noch 3 weitere Scans durchgeführt (Vollscan)
(Berichte auch im Anhang)
-Beim ersten Vollscan noch mehr Schädlinge entdeckt und verschoben.
Danach konnte das Programm jedoch keine Schädlinge mehr entdecken.
(Berichte im Anhang)
-Oldtimer ausgeführt:
OTL Logfile: Code:
OTL logfile created on: 11.10.2012 14:57:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Acki\Eigene Dateien\Downloads\Virenbekaempfung
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1022,42 Mb Total Physical Memory | 519,64 Mb Available Physical Memory | 50,82% Memory free
2,40 Gb Paging File | 1,90 Gb Available in Paging File | 79,20% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 32,60 Gb Total Space | 5,77 Gb Free Space | 17,69% Space Free | Partition Type: NTFS
Drive D: | 34,94 Gb Total Space | 5,20 Gb Free Space | 14,88% Space Free | Partition Type: NTFS
Drive F: | 1,15 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: ACKINOTEBOOK | User Name: Acki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.10.11 14:43:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Acki\Eigene Dateien\Downloads\Virenbekaempfung\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.11 12:46:44 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.13 22:48:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.13 22:48:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.13 22:48:09 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.08.05 14:09:08 | 000,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2010.03.25 02:32:16 | 000,009,216 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2009.11.23 15:53:58 | 004,781,352 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\WTouch\WTouchUser.exe
PRC - [2009.11.23 15:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\WTouch\WTouchService.exe
PRC - [2009.11.23 15:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2009.11.23 15:53:56 | 001,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007.03.02 14:05:00 | 001,994,752 | ---- | M] (FirebirdSQL Project) -- C:\Programme\Firebird\V2_0_1\Bin\fbserver.exe
PRC - [2007.03.02 14:05:00 | 000,081,920 | ---- | M] (FirebirdSQL Project) -- C:\Programme\Firebird\V2_0_1\Bin\fbguard.exe
PRC - [2005.06.17 17:54:12 | 000,143,360 | ---- | M] (Sony Corporation) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
PRC - [2005.06.15 11:17:44 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005.06.15 11:17:44 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005.06.15 11:17:38 | 000,270,336 | ---- | M] (Sony Corporation) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2005.05.20 17:41:42 | 000,153,600 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe
PRC - [2005.05.15 05:51:24 | 000,184,320 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Power Management\SPMgr.exe
PRC - [2004.10.12 04:47:06 | 000,098,304 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2004.10.12 03:40:38 | 000,118,784 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
PRC - [2004.02.20 14:12:34 | 000,032,768 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\ISB Utility\ISBMgr.exe
PRC - [2003.11.07 10:21:28 | 000,114,688 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\Apoint.exe
PRC - [2003.02.26 04:08:42 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApntEx.exe
========== Modules (No Company Name) ==========
MOD - [2012.10.10 17:33:16 | 000,070,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.WindowsService.#\2d7f6f8c523fcbbfbc2c04825f60e111\VMC.WindowsService.Messaging.ni.dll
MOD - [2012.10.10 17:33:14 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012.10.10 17:32:22 | 000,497,152 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.ConnectionServi#\e0c17289efdc89fc2c8237c065ddc33b\VMC.ConnectionServicesInterface.ni.dll
MOD - [2012.10.10 17:32:20 | 000,946,688 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Pl#\6cf8a8027959364e2e68ee90381a3171\VMC.BaseServices.Platform.ni.dll
MOD - [2012.10.10 17:32:07 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\129b15861e200613ff78ae15581f9093\System.Security.ni.dll
MOD - [2012.10.10 17:31:54 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012.10.10 16:33:40 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.10.10 16:27:10 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2012.10.10 16:24:01 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.10.10 16:23:11 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012.07.27 22:51:38 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2012.05.13 22:48:12 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2010.06.18 12:03:56 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.06.18 12:03:55 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.06.18 12:03:51 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2009.03.02 13:02:52 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\ssp4ml3.dll
MOD - [2007.04.02 14:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2006.08.02 00:26:20 | 000,118,784 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006.08.02 00:24:54 | 000,348,160 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005.06.02 12:40:42 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\vsmon1.dll
MOD - [2005.05.20 17:42:20 | 000,010,752 | ---- | M] () -- C:\Programme\Sony\VAIO Event Service\VESBasePS.dll
MOD - [2005.03.09 21:30:28 | 001,212,416 | ---- | M] () -- C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU
MOD - [2004.10.12 04:47:06 | 000,098,304 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
MOD - [2004.10.12 04:46:52 | 000,147,456 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 3.0\platform.dll
MOD - [2004.10.12 03:40:38 | 000,118,784 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
MOD - [2003.05.19 21:16:04 | 000,120,320 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
========== Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (vsmon)
SRV - File not found [On_Demand | Stopped] -- Z:\Programme\Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.09.07 21:33:48 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.05.13 22:48:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.13 22:48:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.08.05 14:09:08 | 000,603,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2010.08.05 14:09:05 | 000,362,240 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.08.04 17:42:49 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.25 02:32:16 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.12.08 21:04:34 | 000,673,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV - [2009.11.23 15:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009.11.23 15:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2008.11.18 12:20:24 | 000,027,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007.03.02 14:05:00 | 001,994,752 | ---- | M] (FirebirdSQL Project) [On_Demand | Running] -- C:\Programme\Firebird\V2_0_1\Bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2007.03.02 14:05:00 | 000,081,920 | ---- | M] (FirebirdSQL Project) [Auto | Running] -- C:\Programme\Firebird\V2_0_1\Bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.06.12 14:03:34 | 001,957,888 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006.05.22 12:34:12 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2006.05.17 17:19:26 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.06.17 19:04:48 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Entertainment\VzTaskScheduler.exe -- (VAIO Entertainment Task Scheduler)
SRV - [2005.06.17 17:54:12 | 000,143,360 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -- (VAIO Entertainment Aggregation and Control Service)
SRV - [2005.06.15 11:17:46 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005.06.15 11:17:44 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005.06.15 11:17:44 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005.06.15 11:17:38 | 000,270,336 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005.06.07 03:38:26 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2005.06.07 01:32:54 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005.06.07 01:28:04 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005.06.07 01:22:34 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005.06.03 05:21:00 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2005.05.20 17:41:42 | 000,153,600 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2005.04.05 13:06:36 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005.01.04 11:09:36 | 000,398,336 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_svc.exe -- (VCI)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.10.12 04:47:06 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004.10.12 03:40:38 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)
SRV - [2004.03.18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.13 22:48:13 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.13 22:48:13 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.31 11:10:24 | 000,039,600 | R--- | M] (WCH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBSER34.SYS -- (USBSER34)
DRV - [2011.10.18 03:43:42 | 000,078,136 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.10.03 11:27:43 | 000,722,416 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.01 19:35:22 | 000,080,000 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum)
DRV - [2009.11.16 14:31:44 | 000,020,032 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\modrc.sys -- (MODRC)
DRV - [2009.11.16 14:31:34 | 000,560,448 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mod7700.sys -- (mod7700)
DRV - [2009.11.04 16:59:38 | 000,102,528 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.08.27 15:06:32 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009.05.20 11:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007.06.27 15:05:52 | 000,053,184 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2007.06.27 15:04:14 | 000,071,488 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2007.02.28 14:42:00 | 000,080,896 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifmsony.sys -- (tifmsony)
DRV - [2007.02.16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006.08.02 01:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006.06.29 19:49:38 | 002,206,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2005.06.29 07:35:10 | 003,173,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2005.05.23 03:31:46 | 001,034,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005.05.23 03:30:48 | 000,178,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005.05.23 03:30:42 | 000,716,288 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.02.10 23:07:50 | 000,456,448 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ExpasAG.sys -- (LEX_AS_NIC_SERVICE_YNOS)
DRV - [2003.09.29 06:31:38 | 000,094,601 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2000.12.05 16:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000.11.09 12:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550
IE - HKCU\..\SearchScopes,DefaultScope = {F6E864C7-CE2D-4CBF-B519-B4148E2CBF26}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box_im2_test_v2
IE - HKCU\..\SearchScopes\{F6E864C7-CE2D-4CBF-B519-B4148E2CBF26}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer@divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.5
FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.8.3
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.3.3
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.2.9
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Programme\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Programme\SpeedBit Video Downloader\SPFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.09.07 21:33:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.09.07 21:33:36 | 000,000,000 | ---D | M]
[2010.06.17 22:16:15 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\Mozilla\Extensions
[2012.10.10 15:46:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\Mozilla\Firefox\Profiles\vany7ae0.default\extensions
[2010.06.21 18:05:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\Mozilla\Firefox\Profiles\vany7ae0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.16 23:10:56 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\Mozilla\Firefox\Profiles\vany7ae0.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.21 15:47:35 | 000,000,000 | ---D | M] (Ghostery) -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\Mozilla\Firefox\Profiles\vany7ae0.default\extensions\firefox@ghostery.com
[2012.01.27 17:41:57 | 000,550,833 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\Mozilla\Firefox\Profiles\vany7ae0.default\extensions\DivXWebPlayer@divx.com.xpi
[2012.10.10 15:46:43 | 000,565,762 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\Mozilla\Firefox\Profiles\vany7ae0.default\extensions\toolbar@web.de.xpi
[2012.03.29 16:34:41 | 000,685,019 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\Mozilla\Firefox\Profiles\vany7ae0.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2012.10.10 15:47:05 | 000,000,911 | ---- | M] () -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\Mozilla\Firefox\Profiles\vany7ae0.default\searchplugins\11-suche.xml
[2011.01.17 15:41:40 | 000,000,943 | ---- | M] () -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\Mozilla\Firefox\Profiles\vany7ae0.default\searchplugins\conduit.xml
[2012.10.10 15:47:06 | 000,002,273 | ---- | M] () -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\Mozilla\Firefox\Profiles\vany7ae0.default\searchplugins\englische-ergebnisse.xml
[2012.10.10 15:47:05 | 000,010,563 | ---- | M] () -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\Mozilla\Firefox\Profiles\vany7ae0.default\searchplugins\gmx-suche.xml
[2012.10.10 15:47:06 | 000,002,432 | ---- | M] () -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\Mozilla\Firefox\Profiles\vany7ae0.default\searchplugins\lastminute.xml
[2010.08.02 12:52:27 | 000,002,149 | ---- | M] () -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\Mozilla\Firefox\Profiles\vany7ae0.default\searchplugins\MyStart Search.xml
[2012.10.10 15:47:05 | 000,005,545 | ---- | M] () -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\Mozilla\Firefox\Profiles\vany7ae0.default\searchplugins\webde-suche.xml
[2012.09.07 21:33:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.07 21:33:49 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.06.30 17:22:37 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.05 16:45:46 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 19:13:18 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.05 16:45:46 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.05 16:45:46 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.05 16:45:46 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.05 16:45:46 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2010.08.05 19:39:26 | 000,001,355 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - Z:\PROGRA~1\Office\Office12\GRA8E1~1.DLL File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Z:\PROGRA~1\Office\Office12\ONBttnIE.dll File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Z:\PROGRA~1\Office\Office12\ONBttnIE.dll File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Z:\PROGRA~1\Office\Office12\REFIEBAR.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - mswsock.dll File not found
O15 - HKCU\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1349877384687 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Z:\PROGRA~1\Office\Office12\GR99D3~1.DLL File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Light Flo Wallpaper TrueColor 1280x800.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Light Flo Wallpaper TrueColor 1280x800.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - Z:\PROGRA~1\Office\Office12\GRA8E1~1.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.07.13 12:03:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.03.30 14:59:24 | 000,000,513 | RH-- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{09de3bf7-a54b-11df-a092-b6a81a60b0e7}\Shell - "" = AutoRun
O33 - MountPoints2\{09de3bf7-a54b-11df-a092-b6a81a60b0e7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2068fd20-21ba-11e0-a184-a54299e588a8}\Shell - "" = AutoRun
O33 - MountPoints2\{2068fd20-21ba-11e0-a184-a54299e588a8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5d36f7ee-bc29-11df-a0bf-0013cead7f8f}\Shell - "" = AutoRun
O33 - MountPoints2\{5d36f7ee-bc29-11df-a0bf-0013cead7f8f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8423837a-7a45-11df-a027-0013cead7f8f}\Shell - "" = AutoRun
O33 - MountPoints2\{8423837a-7a45-11df-a027-0013cead7f8f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8423837b-7a45-11df-a027-0013cead7f8f}\Shell - "" = AutoRun
O33 - MountPoints2\{8423837b-7a45-11df-a027-0013cead7f8f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8423837b-7a45-11df-a027-0013cead7f8f}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{f726b792-7d48-11df-a03d-c50cb663cda4}\Shell - "" = AutoRun
O33 - MountPoints2\{f726b792-7d48-11df-a03d-c50cb663cda4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Start.exe -- [2008.07.22 10:29:04 | 001,992,704 | R--- | M] (Franzis Verlag GmbH)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.10.10 17:14:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Acki\Desktop\Logfiles
[2012.10.10 16:19:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.10.09 17:03:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\Malwarebytes
[2012.10.09 17:03:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.10.09 17:03:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.10.09 17:02:59 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.10.09 17:02:58 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.10.08 18:04:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Acki\Lokale Einstellungen\Anwendungsdaten\Help
[2012.10.08 18:04:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\Help
[2012.10.01 12:32:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\FileZilla
[2012.10.01 12:31:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\FileZilla FTP Client
[2012.10.01 12:31:45 | 000,000,000 | ---D | C] -- C:\Programme\FileZilla FTP Client
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.10.11 14:51:40 | 000,022,745 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.10.11 14:50:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.10.11 14:47:13 | 000,000,182 | ---- | M] () -- C:\Dokumente und Einstellungen\Acki\defogger_reenable
[2012.10.10 16:45:16 | 000,002,533 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vodafone Mobile Connect.lnk
[2012.10.10 16:40:31 | 000,013,547 | ---- | M] () -- C:\WINDOWS\System32\Pen_Tablet.dat
[2012.10.10 16:39:50 | 003,675,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.10.10 16:32:21 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.10.10 16:27:40 | 000,558,062 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.10.10 16:27:40 | 000,501,210 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.10.10 16:27:40 | 000,125,806 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.10.10 16:27:40 | 000,094,578 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.10.10 16:00:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.10.09 17:03:23 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.24 21:38:23 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.09.21 19:33:44 | 000,166,297 | ---- | M] () -- C:\Dokumente und Einstellungen\Acki\Desktop\german_oep_-_final_-_october_2012_clean_0.pdf
[2012.09.12 10:36:53 | 000,000,494 | ---- | M] () -- C:\hpfr5550.xml
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.10.11 14:46:46 | 000,000,182 | ---- | C] () -- C:\Dokumente und Einstellungen\Acki\defogger_reenable
[2012.10.09 17:03:23 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.21 19:33:44 | 000,166,297 | ---- | C] () -- C:\Dokumente und Einstellungen\Acki\Desktop\german_oep_-_final_-_october_2012_clean_0.pdf
[2012.04.20 15:16:36 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2012.04.20 15:15:55 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ssp4ml3.dll
[2012.04.09 12:51:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.03.14 19:55:53 | 000,000,132 | ---- | C] () -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\Adobe PNG Format CS5 Prefs
[2011.09.05 19:41:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2011.08.19 18:00:40 | 000,000,092 | R--- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2011.07.12 22:07:39 | 000,000,132 | ---- | C] () -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\Adobe GIF Format CS5 Prefs
[2011.07.08 14:12:02 | 000,019,541 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2011.07.08 14:12:02 | 000,016,606 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2011.06.22 19:37:15 | 000,000,072 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2011.03.07 00:41:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.12.24 17:06:39 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010.10.02 19:46:37 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.09 13:45:46 | 000,001,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Acki\Lokale Einstellungen\Anwendungsdaten\Adobe Für Web speichern 12.0 Prefs
[2010.06.27 06:39:30 | 000,192,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Acki\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.18 12:14:44 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\$_hpcst$.hpc
[2010.03.15 20:15:34 | 000,156,430 | R--- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceManager.xml.rc4
========== ZeroAccess Check ==========
[2010.06.17 21:24:11 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2011.11.17 18:13:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\calibre
[2012.03.08 01:44:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.03.05 19:46:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\CheckPoint
[2010.12.27 19:29:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\com.sumopaint.bamboo.E63110E28E55D139F7D67D94E57B73BDB07BA618.1
[2012.08.20 19:03:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\Dev-Cpp
[2010.07.16 23:10:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.08.19 18:16:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\Echo Software
[2011.06.22 19:19:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\eXPert PDF Editor
[2012.10.01 18:10:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\FileZilla
[2010.12.24 12:57:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\IcoFX
[2012.04.20 17:45:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\MAGIX
[2011.12.25 14:42:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\Softland
[2011.09.05 19:34:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\TerraTec
[2011.07.04 21:19:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\Toolbar4
[2011.07.02 19:41:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\TrueCrypt
[2010.06.18 21:22:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\TuneUp Software
[2011.03.13 15:07:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\Uniblue
[2010.06.17 21:30:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\Vodafone
[2010.11.17 21:30:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\Wacom
[2010.11.17 21:30:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2010.06.18 11:42:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\Windows Desktop Search
[2010.06.18 12:13:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\Windows Search
[2010.06.23 17:43:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Acki\Anwendungsdaten\WTouch
[2011.04.07 17:48:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Eaton
[2010.09.28 10:17:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eXPert PDF
[2010.09.28 10:21:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eXPert PDF 4
[2010.09.28 10:17:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eXPert PDF Jobs
[2010.08.02 12:56:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IM
[2010.08.02 12:54:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IncrediMail
[2012.02.27 20:48:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\jtl-software
[2012.04.20 17:46:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2010.08.05 19:37:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe
[2011.07.04 21:19:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SpeedBit
[2011.09.05 19:34:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TerraTec
[2010.06.18 21:22:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2011.11.24 20:25:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone
[2010.12.27 19:26:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Wacom
[2010.06.18 21:22:12 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357}
[2011.03.13 16:07:19 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
========== Purity Check ==========
< End of report >
--- --- ---
-Gmer ausgeführt
(Bericht im Anhang)
-aswMBR ausgeführt: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-10 16:57:19
-----------------------------
16:57:19.234 OS Version: Windows 5.1.2600 Service Pack 3
16:57:19.234 Number of processors: 1 586 0xD08
16:57:19.234 ComputerName: ACKINOTEBOOK UserName: Acki
16:57:19.687 Initialize success
17:01:04.734 AVAST engine defs: 12101000
17:01:16.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
17:01:16.531 Disk 0 Vendor: HTS421280H9AT00 HAJOA70G Size: 76319MB BusType: 3
17:01:16.531 Disk 1 \Device\Harddisk1\DR4 -> \Device\0000008b
17:01:16.531 Disk 1 Vendor: ( Size: 76319MB BusType: 0
17:01:16.578 Disk 0 MBR read successfully
17:01:16.578 Disk 0 MBR scan
17:01:18.453 Disk 0 Windows XP default MBR code
17:01:18.468 Disk 0 Partition 1 00 12 Compaq diag NTFS 7153 MB offset 63
17:01:18.843 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 33385 MB offset 14651280
17:01:18.953 Disk 0 Partition - 00 0F Extended LBA 35777 MB offset 83023920
17:01:18.968 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 35777 MB offset 83023983
17:01:19.140 Disk 0 scanning sectors +156296385
17:01:19.468 Disk 0 scanning C:\WINDOWS\system32\drivers
17:01:57.750 Service scanning
17:02:30.187 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
17:02:42.281 Modules scanning
17:02:58.906 Disk 0 trace - called modules:
17:02:58.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spme.sys >>UNKNOWN [0x86f8c938]<<
17:02:58.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f1aab8]
17:02:58.937 3 CLASSPNP.SYS[f75f0fd7] -> nt!IofCallDriver -> \Device\0000007f[0x86f1b9e8]
17:02:58.937 5 ACPI.sys[f734d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x86f1bd98]
17:03:00.468 AVAST engine scan C:\WINDOWS
17:03:13.125 AVAST engine scan C:\WINDOWS\system32
17:10:10.562 AVAST engine scan C:\WINDOWS\system32\drivers
17:10:35.859 AVAST engine scan C:\Dokumente und Einstellungen\Acki
17:14:29.796 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Acki\Desktop\aswMBR\MBR.dat"
17:14:29.796 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Acki\Desktop\aswMBR\aswMBR.txt"
17:18:27.578 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Acki\Desktop\aswMBR\MBR.dat"
17:18:27.593 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Acki\Desktop\aswMBR\aswMBR.txt"
17:32:44.078 AVAST engine scan C:\Dokumente und Einstellungen\All Users
17:35:41.343 Scan finished successfully
17:35:52.093 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Acki\Desktop\aswMBR\MBR.dat"
17:35:52.109 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Acki\Desktop\aswMBR\aswMBR.txt"
17:36:04.796 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Acki\Desktop\aswMBR\MBR.dat"
17:36:04.796 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Acki\Desktop\aswMBR\aswMBR.txt"
|
